TACACS+ is a security application that provides centralized validation of users attempting to gain access to a router or Network Access Server (NAS). TACACS+ allows a client to accept a username and password and send a query to a TACACS+ authentication server (“TACACS+ daemon” or simply “TACACS+D”).
The TACACS+ server is generally a program running on a host. The host determines whether to accept or deny the request and sends a response back. A NAS operates as a TACACS+ client.
TACACS+ services (the user and group profiles with the authentication and authorization information) are maintained in a central security database on a TACACS+ daemon, typically running on a UNIX or Windows NT workstation.
TACACS+ is commonly used for embedded network devices such as routers, modem servers, switches, etc. TACACS+ is used because it provides separate and modular authentication, authorization, and accounting (AAA) facilities through a single access control server (the TACACS+ daemon).
iS5Com TACACS+ is a portable software implementation of the TACACS+ Client protocol defined in “The TACACS+ Protocol, draft-ietf-opsawg-tacacs-09”.
iS5Com TACACS+ uses TCP for packet transmission. It is intended to be used by ISPs and corporate gateways for providing the AAA functionalities for users trying to connect to the server by using PPP, SLIP, ARAP, exec, Telnet, etc.
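As an added illustration (not iS5Com code), the sketch below parses the 12-byte header that the TACACS+ protocol specification places in front of every packet on the TCP connection, identifies which AAA function the packet belongs to, and reports packets whose body is sent without obfuscation. The field layout and flag values follow the protocol specification; the function names and sample packets are constructed for this example.

```python
import struct
from dataclasses import dataclass

# 12-byte header: version, type, seq_no, flags, session_id, length (network order)
HEADER = struct.Struct("!BBBBII")
MAJOR_VERSION = 0xC
PACKET_TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}
UNENCRYPTED_FLAG = 0x01      # body is not obfuscated with the shared secret
SINGLE_CONNECT_FLAG = 0x04   # several sessions share one TCP connection

@dataclass
class TacacsHeader:
    minor_version: int
    service: str        # which AAA function the packet belongs to
    seq_no: int
    flags: int
    session_id: int
    length: int         # declared body length in bytes

    @property
    def from_client(self):
        # Sessions start at seq_no 1, so the client (NAS) always sends odd numbers.
        return self.seq_no % 2 == 1

def parse_packet(data):
    """Return (header, findings) for one TACACS+ packet taken from the TCP stream."""
    if len(data) < HEADER.size:
        raise ValueError("truncated TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(data)
    if version >> 4 != MAJOR_VERSION:
        raise ValueError("major version is not 0xc, not a TACACS+ packet")
    if ptype not in PACKET_TYPES:
        raise ValueError(f"unknown packet type {ptype}")
    hdr = TacacsHeader(version & 0x0F, PACKET_TYPES[ptype], seq_no, flags,
                       session_id, length)
    findings = []
    if seq_no == 0:
        findings.append("seq_no 0 is never valid")
    if flags & UNENCRYPTED_FLAG:
        findings.append("body sent in cleartext (unencrypted flag set)")
    if len(data) - HEADER.size != length:
        findings.append("declared length does not match body size")
    return hdr, findings

# Constructed sample packets (bodies are filler bytes, not real AAA payloads).
SAMPLE_AUTHEN_START = HEADER.pack(0xC0, 1, 1, 0x00, 0x1A2B3C4D, 8) + b"\x00" * 8
SAMPLE_ACCT_REPLY = HEADER.pack(0xC0, 3, 2, 0x01, 0x1A2B3C4D, 6) + b"\x00" * 4
```

Run against a packet capture between a NAS and the TACACS+ daemon, any cleartext finding points to a device or server configured without a shared secret.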